Web pages often include more that formatted text. It is now common to include commands in web pages that cause the execution of scripts or other types of code on a computer viewing the web page. This is often referred to as “embedding” code or software in a web page in that, even though the actual code does not exist within the web page, the commands in the web page cause the code to be executed as part of the viewing process or in response to some user action. ActiveX, Flash, Shockwave, Javascript and style sheets are all examples of different types of embedded code that may be automatically executed on a computer when a web page is viewed.
Because the embedded code is executed on the viewing computer, these executables are often used by miscreants to gain access to other's computer for nefarious purposes. For example, an ActiveX control may be used to install a dialer, spyware, or a Trojan horse on a computer without the computer user's knowledge when the computer views a web page. Without inspecting the source code of a web page (e.g., the HTML code that makes up the page), a viewer normally will know what embedded code will be executed upon viewing the web page. In addition, simply by looking at the source code, a user often can not determine if an item of embedded code is malicious or not.